Method for managing information processing system and data management computer system

ABSTRACT

An ACL, a setting table, and backup data are used to create an inter-base data sharing file system at a base permitted to share data. This enables data to be shared by bases. In a process for restoring backup data, with reference to the ACL and the setting table, a data management computer system determines whether or not each restore destination base is permitted to share data, and executes a restore process only on restore destination bases permitted to share data.

TECHNICAL FIELD

The present invention relates to a method for managing an informationprocessing system and a data management computer system, and forexample, to a technique for managing data in a storage system in acomputer.

BACKGROUND ART

The amount of digital data, particularly file data, has been increasingrapidly. An NAS (Network Attached Storage) is a storage device suitablefor allowing a large number of computers to share file data via anetwork. At present, many file data storages utilize NAS devices.

Digital data including data files needs to be stored for a long periodfor a variety of purposes, for example, in order to meet various legalrequirements. A CAS (Content Addressed Storage) ensures invariance ofdata to provide a solution for long-term data archiving. In general, thecurrent data is stored in an NAS device as long as the data is used, andis subsequently migrated to a CAS device for archiving. The migrateddata is also called archive data. For example, E-mail data on an NASdevice may be archived in a CAS device in order to comply with therelevant regulation.

When a data file is archived, the path name of the archived file ischanged. For example, the path name of a file A is changed from//NAS-A/share/fileA to //CAS-A/archive/fileA. To allow a NAS client tobe notified of the change in the file path name, stub information (alsocalled a stub or stub data) is generated in the NAS device. The stubincludes a source location in the NAS device and a file destinationlocation in the CAS device. The stub information allows the NAS clientto know that the file has been migrated and that the path name has beenchanged as a result of the archiving. The stub information includes thedestination file path of the migrated file. The NAS client can use thestub information to determine where the archived file data is actuallypresent. Furthermore, the NAS device and the CAS device can use a GNS(Global Namespace) to integrate namespaces.

The NAS device needs to be backed up in order to prevent data loss whenthe NAS device is faulty. If the NAS device and the CAS device use theGNS to integrate namespaces, backing up even the actual archive data inthe CAS device wastes backup time and the storage capacity of the backupdestination. Thus, as disclosed in, for example, Patent Literature 1,the device determines whether an access from the NAS client is a normalNAS access or a special NAS access for backup. If the access is forbackup, the actual archive data in the CAS device is not backed up butonly the stub information is backed up.

CITATION LIST Patent Literature

PTL 1: JP Patent Publication (Kokai) No. 2010-9573A

SUMMARY OF INVENTION Technical Problem

In some systems, a CAS device is located at a data center, and NASdevices are arranged at respective bases (for example, operationdivisions of companies). The CAS device is connected to the NAS devicesby a communication network such as a WAN (Wide Area Network). The datais centrally managed on the CAS device. The data stored in the CASdevice is not limited to archive data. Data stored in the NAS device maybe migrated (file migration) to the CAS device according to anappropriate policy, for example, if the data has not been accessed for agiven period. This enables a reduction in the capacity of the NAS devicerequired for the corresponding base. Then, the migrated data is stubbed.Thus, the NAS client can access the data in the same manner as thatbefore the migration without being conscious that the data storagelocation has been changed. The stubbing is described in, for example,Patent Literature 1 and will thus not be described herein in detail.Furthermore, the NAS device at each base needs to be able to access onlythe CAS device at the data center. Thus, the above-described systemsneed no communication network among the bases, enabling a reduction incommunication infrastructure costs.

In the above-described systems, some of the files possessed by each baseare not to be referenced by other bases. Thus, the CAS device provides aTENANT function to create a TENANT that permits only accesses from aparticular base. In view of security, the base: TENANT=1:1 is set. Then,each base constructs a file system exclusive to the base, on the TENANT.Limiting accesses to the files and directories stored in the TENANTallows security to be ensured. However, the use of the TENANT functionallows file reads/writes to be limited but may fail to allow generalfile systems to hide even the presence of files. Some users desire toinhibit the other bases from accessing the directories exclusive to theusers. Thus, even the presence of files can desirably be hidden.

In this regard, in view of security, data can be shared by the bases asfollows with the base: TENANT=1:1 maintained. A TENANT is created whichis separate from the TENANTs exclusive to the respective bases and whichcan be accessed by each base. A shared directory is created on thisTENANT.

However, data sharing utilizing the shared directory requires thestorage, in the shared directory, of files to be shared by users (NASclients). This is disadvantageously cumbersome to the users.Furthermore, if copies are stored in the shared directory, the capacityof the CAS device is wasted. A de-duplication technique can be utilizedto prevent the capacity from being wasted. However, the de-duplicationprocess disadvantageously imposes loads on the CAS device. Moreover, ifany original file in the exclusive directory is updated, the updatedfile needs to be re-stored in the shared directory by overwrite copyingor the like. This is cumbersome to the users. Additionally, if theconnection to the WAN is deleted or the data center is shut down duringan access to the shared file, the shared file cannot be accessed.

The present invention has been made in view of these circumstances. Anobject of the present invention is to provide a file sharing techniquewhich serves to prevent the capacity of the CAS device from being wastedand to reduce loads on the CAS device and which inhibits the other basesfrom knowing the presence of files.

Solution to Problem

To accomplish the above-described object, the present invention enablesbases to share data by using backup data and setting files for therespective bases stored in the CAS device at the data center to restorerequired data for data sharing target bases to create a data sharingfile system for the data sharing target bases. The use of the settingfile enables selection of restoration of only the stubs permitted to bedata-shared or restoration of both stubs and files. Furthermore, if theoriginal data is updated, the data at data sharing destinations is alsoautomatically updated. In this case, on the CAS device, new data isnewly stored with the old data left without any change. This preventsthe stubs on the data sharing file system from being unlinked and allowsthe stubs on the data sharing file system to be replaced with stubslinked with the new data at a set timing to update the data at the datasharing destinations. Additionally, the user (file owner) at each baseor a data center administrator can freely set files or directories to bedata-shared or files or directories not to be data-shared. Furthermore,if any NAS client accesses the stub data, the stub can be converted intoa file and the state of the file can be maintained during a period setin the setting file. During this period, the data can be accessed evenif the connection to the WAN is deleted or the data center is shut down.Additionally, if the period elapses, the file is stubbed again.

That is, in the present invention, a data management computer system(data center) manages backup data for a first sub-computer system (baseA). Based on data sharing permission/inhibition information (ACLinformation and information indicative of a sharing range) indicative ofdata to be shared by bases (a plurality of sub-computer systems), thedata management computer system restores at least a part of the backupdata for the first sub-computer system (base A) in a second sub-computersystem (base B) different from the first sub-computer system (base A).Then, the second sub-computer system (base B) stores the data restoredby the data management computer system (data center), in a storagesub-system at the base B to generate a shared file system.

Furthermore, the data management computer system (data center) managesscheduling information on the restore process. For example, if the datastored in the first sub-computer system (base A) is changed (deleted orupdated), the data management computer system reflects the change in thedata, in the backup data. Additionally, at a timing different from thatwhen the change in the data is reflected in the backup data, the datamanagement computer system executes a restore process again inaccordance with the scheduling information. Thus, the contents of theshared data in the backup data may be temporarily different from thoseof the data restored in the second sub-computer system (base B). Thatis, in connection with the data change in the first sub-computer system(base A), the reflection of the change in the backup data may fail tosynchronize with the reflection of the change in the second sub-computersystem (base B).

Some of the further features of the present invention are clarified inthe description below, and others are apparent from the description orcan be learned by implementing the present invention. The modes of thepresent invention can be achieved by elements or a combination ofvarious elements as well as the following detailed description and theaspects of the attached claims.

It should be appreciated that the above and following descriptions aretypical and illustrative and do not in any sense limit the claims orapplications of the present invention.

Advantageous Effects of Invention

The present invention serves to prevent the capacity of the CAS devicefrom being wasted and to reduce loads on the CAS device, and enables theother bases to be inhibited from knowing the presence of files.

BRIEF DESCRIPTION OF DRAWINGS

FIG. 1 is a diagram showing the physical configuration of a typicalsystem (information processing system) according to the presentinvention.

FIG. 2 is a diagram showing the physical and logical configuration (1)of the information processing system according to the present inventionin further detail.

FIG. 3 is a diagram showing the physical and logical configuration (2)of the information processing system according to the present inventionin further detail.

FIG. 4 is a diagram illustrating an operation of reading data from abase A.

FIG. 5 is a diagram illustrating an operation of reading data from abase B.

FIG. 6 is a diagram showing an example of the configuration of a stubtable according to an embodiment of the present invention.

FIG. 7 is a diagram showing an example of the configuration of an ACLtable according to the embodiment of the present invention.

FIG. 8 is a diagram showing an example of the configuration of aninter-base data sharing setting table according to a first embodiment ofthe present invention.

FIG. 9 is a flowchart illustrating a procedure and a process forcreating a data sharing FS at another base according to the embodimentof the present invention.

FIG. 10 is a flowchart illustrating a process of restoring required dataat another base (S9050 in FIG. 9) in detail.

FIG. 11 is a flowchart illustrating a procedure and a process forupdating the data sharing FS at another base according to the embodimentof the present invention.

FIG. 12 is a flowchart illustrating a process executed when a NAS clientaccesses a stub in a data sharing FS at another base according to theembodiment of the present invention.

FIG. 13 is a diagram showing a configuration example of an inter-basedata sharing setting table according to a second embodiment of thepresent invention.

FIG. 14 is a diagram showing an example (1) of a setting screen for theinterbase data sharing setting table according to the embodiment of thepresent invention.

FIG. 15 is a diagram showing an example (2) of a setting screen for theinterbase data sharing setting table according to the embodiment of thepresent invention.

DESCRIPTION OF EMBODIMENTS

Embodiments of the present invention will be described below withreference to the attached drawings. In the attached drawings, componentswith the same functions may be denoted by the same reference numerals.The attached drawings show specific embodiments and examples accordingto the principle of the present invention. However, the embodiments andexamples are intended to make the reader understand the presentinvention and not to make the reader interpret the present invention ina limited manner.

The present embodiments are described in detail sufficient to allowthose skilled in the art to implement the present invention. However, itshould be understood that other implementations and aspects are possibleand that configurations and structures may be changed and the componentsmay be replaced with various other components, without departing fromthe technical scope and spirit of the present invention. Thus, thefollowing description should not be interpreted in a limited manner.

Moreover, the embodiments of the present invention may be implemented bysoftware running on a general-purpose computer, dedicated hardware, or acombination of software and hardware, as described below.

In the drawings for the specification, information used in the presentinvention is described using tables and lists as examples. However, theinformation is not limited to those provided in the structures of thetables and lists. The information may be independent of the datastructure.

Furthermore, the expressions “identification information”, “identifier”,“name”, and “ID” are used to describe the contents of the information.However, these expressions are interchangeable with one another.

According to the embodiments of the present invention, in a storagesystem in which NAS and CAS are integrated, data can be shared by bases.However, in the embodiments of the present invention, a communicationnetwork for NAS and CAS is not limited to the adoption of a WAN. Acommunication network such as a LAN (Local Area Network) can be adopted.The aspects of the present invention are not limited to the adoption ofan NFS (Network File System) protocol. Any of the other file sharingprotocols including a CIFS (Common Internet File System) and an HTTP(Hypertext Transfer Protocol) may be adopted.

(1) First Embodiment

<System Configuration>

FIG. 1 is a diagram schematically showing the physical configuration ofa system (an information system, an integrated storage system, or acomputer system) 100 according to an embodiment of the presentinvention. Furthermore, FIGS. 2 and 3 show the physical and logicalconfiguration of the system in further detail.

The computer system 100 includes a plurality of sub-computer systems1800, 1810, . . . arranged at the respective bases, a data center system1820 formed of CAS. Each of the sub-computer systems 1800 and 1810 isconnected to the data center system 1820 via networks 1930 and 1940,respectively.

Each of the sub-computer systems 1800 and 1810 includes any of aplurality of NAS clients 1300 to 1350, NAS heads 1000 and 1100, and NASstorage systems 1500 and 1600, respectively. The NAS clients 1300 to1320 are connected to the NAS head 1000 and the NAS head 1000 isconnected to the MAS storage system 1500, via a network 1900. This alsoapplies to the sub-computer systems 1810 at the other bases.

Furthermore, the data center system 1820 includes a CAS head 1200, a CASstorage system 1700, and a CAS client 1400 which are connected togethervia a network 1920.

The network 1900 is an intra-base LAN (LAN inside a base) for the base A1800. The network 1910 is an intra-base LAN for the base B 1810. Thenetwork 1920 is an intra-data-center LAN (LAN inside a data center) forthe data center 1820. The network 1930 is a WAN and connects the base A1800 and the data center 1820 together via a network. The network 1940is a WAN and connects the base B 1810 and the data center 1820 togethervia a network. Of course, the types of the network are not limited tothose described above. A variety of networks can be utilized.

In the computer system 100 shown in FIG. 1, the NAS heads 1000 and 1100,the CAS head 1200, the NAS clients 1300, 1310, 1320, 1330, 1340, and1350, and the CAS client 1400 include CPUs 1010, 1110, 1210 and memories1020, 1120, and 1220, respectively. However, for the NAS clients and CASclient, the illustration of the CPUs and memories is omitted. The NASheads 1000 and 1100 and the CAS head 1200 further include caches 1030,1130, and 1230, respectively.

The NAS storage systems 1500 and 1600 and the CAS storage system 1700include storage controllers 1540, 1640, and 1740, respectively, and diskdrives 1550, 1650, and 1750, respectively. The storage controllers 1540,1640, and 1740 include CPUs 1510, 1610, and 1710, respectively, memories1520, 1620, and 1720, respectively, and caches 1530, 1630, and 1730,respectively.

As shown in FIG. 1, each of the components includes at least oneinterface (I/F) via which the component is coupled to a network oranother device. The NAS head 1000 includes I/Fs 1060 and 1070. The NAShead 1100 includes I/Fs 1160 and 1170. The CAS head 1200 includes I/Fs1260 and 1270. The storage controller 1540 includes I/Fs 1560 and 1570.The storage controller 1640 includes I/Fs 1660 and 1670. The storagecontroller 1740 includes I/Fs 1760 and 1770. Furthermore, the NASclients and CAS client also include I/Fs but this is not shown in thedrawings.

With reference to FIG. 2, files and applications mounted in thecomponents of the computer system 100 will be described.

The NAS client 1300 includes an AP (application) 2000 and an NFS client2010. The NAS client 1330 includes an AP 2100 and an NFS client 2110.Like the NAS client 1300, the CAS client 1400 includes an AP and an NFSclient, but this is not shown in the drawings.

The NAS head 1000 includes an NFS server program 2200, a local filesystem 2210, and a stub table 2220. The NAS head 1100 includes an NFSserver program 2300, a local file system 2310, and a stub table 2320.The CAS head 1200 includes an NFS/CAS server program 2400, a local filesystem 2410, a tenant A 2420, a tenant B 2430, and a sharing systemtenant 2440. The tenant A 2420 is associated with a file A1_2480. Thetenant B2490 is associated with a file B1_2490. Furthermore, the sharingsystem tenant 2440 is associated with backup data 2450 at the base A andinter-base data sharing setting tables 2460 and 2470 (sharing settingtables between bases). Here, the expression “associated” means thatsince FIG. 2 shows a logical con-figuration, for example, the actualdata in the file A1 is present in a volume 2800 but appears to the bases(sub-computer systems) to lie in the tenant A 2420.

The NAS storage system 1500 includes a volume 2600 in which data handledby the NAS head 1000, for example, stubs, files, and various managementtables are stored. Furthermore, the NAS storage system 1600 includes avolume 2700 in which data handled by the NAS head 1100, for example,stubs, files, and various management tables are stored. The CAS storagesystem 1700 includes a volume 2800 in which data handled by the CAS head1200, for example, files, various management tables and backup data arestored.

The NAS head 1000 has a file sharing function and is integrated with theNAS storage system 1500, which provides a disk volume in which file datais stored. The NAS head 1000 and the NAS storage system 1500 arecombined together to operate as an NAS device.

The NFS server program 2200 is an application program providing an NFSfunction. Furthermore, the local file system 2210 is a file system forthe NAS head 1000 and may be ext2 (second extended file system) forLinux, ext3 (third extended file system), or an NTFS (Windows NT FileSystem). The storage controller 1540 provides a block-type storagefunction such as an FC-SAN (Fibre Channel Storage Area Network). The NAShead 1100 and the NAS storage system 1600 are combined together tooperate as an NAS device to provide functions similar to those describedabove.

The CAS head 1200 provides a data archive function and is combined withthe CAS storage system 1700, which provides a disk volume in which datais stored. The CAS head 1200 and the CAS storage system 1700 arecombined together to operate as a CAS device.

The volume 2600 stores stub data 2610 linked with the actual file storedin the volume 2800. The sub data 2610 is expressed as a symbolic linkfor a soft link. The symbolic link is a file object stored in the volume2600 and shared by the NAS head 1000 via the NFS server 2200. Thesymbolic link has location information on other file objects or otherdirectory objects. When an NAS client accesses the symbolic link, otherlocations indicated by the symbolic link and in which actual data isheld are referenced.

The NAS client 1300 accesses the NFS file server program 2200 in the NAShead 1000. The NFS file server program 2200 accesses the volume 2600 onthe NAS storage system 1500, coupled to the NAS head 1000, instead ofthe NAS client 1300. The volume 2600 includes stub data providinglocation information on actual data stored on the volume 2800 in thedata center 1820. That is, the actual data corresponding to stub data ispresent in the CAS storage system 1700, a part of the CAS. system. Theactual data file is delivered from the volume 2800 in the CAS system tothe NFS server program 2200 in the NAS head 1000 by the CAS head 1200.The data file is then delivered to the NAS client 1300, having initiallyrequested the data file.

The NAS client 1300 includes an NFS client function 2010 allowing the AP2000 to access data in data files on the NAS device via an NFS protocol.The NAS client 1300 and the NAS device are combined together by thenetwork 1900, which can be configured using a LAN (Local Area Network).

An AP (application (not shown in the drawings)) for the CAS client 1400has an archive function. When the AP for the CAS client 1400 issues arequest for migration of data available in a data file in the NAS devicefrom the NAS device to the CAS device in order to archive the file data,the NAS head 1000 generates and leaves stub data for the data at alocation in the NAS device where the migrated data file is previouslypresent. The NAS head 1000 further transfers the actual file data to theCAS device. The location where the stub data is stored is the same asthat of the file from which the data has been migrated by the AP. Therelationship between the stub data and the migrated file is managed bythe stub tables 2220 and 2320 shown in FIG. 4.

Any of various techniques can be adopted to integrate the NAS devicesand the CAS device together. In the present embodiment, for example, aGNS technique is adopted. If the GNS is adopted, the NAS client 1300accesses the NAS head 1000 to acquire archive data on the CAS via thestub data 2610. That is, the NAS client 1300 avoids a direct access tothe CAS head 1200. This allows the NAS client to see a single integratednamespace formed of a large number of NAS and CAS devices.

FIG. 3 is a diagram showing a system logical configuration in which thebase B shares some files in the base A. In the example described belowin connection with configurations and operations, the base B shares somefiles in the base A.

The NAS head 1000 includes a file system A 3000 on the local file system2210 in which files for the own base are stored. The file system A 3000includes a stub A1_3010 and a stub A2_3020. Moreover, each of the stubdata, files, and directories includes ACL information (which is shownonly on the stub A1). These data are stored in the volume 2600.

The NAS head 1100 includes a file system B 3100 in which the files forthe own base are stored and a file system A′ 3110 required to access theshared files at the base A; the file systems B 3100 and A′ 3110 arearranged on the local file system 2310. The file system B 3100 includesa stub B1_3120 and a file B2_3130. The file system A′ 3110 includes astub A1_3140. These data are stored in the volume 2700.

The CAS head 1200 includes a tenant A 2420 logically associated with theactual data (stored in the volume 2800) in the files stubbed at the baseA to provide the actual data to the base A, a tenant B 2430 logicallyassociated with the actual data (stored in the volume 2800) in the filesstubbed at the base B to provide the actual data to the base B, and asharing system tenant 2440 associated with backup data and setting files(the actual data is present in the volume 2800) stored by theadministrator or the like; the tenants A2420 and B 2430 and the sharingsystem tenant 2440 are arranged on the local file system 2410.

The tenant A 2420 includes a file A1_2500 and a file A2_2510. The tenantB 2430 includes a file B1_2520. The sharing system tenant 2440 includesbackup data 2450 for the base A and inter-base data sharing settingtables 2460 and 2470. As described above, these data indicate a logicalrelationship, and the actual data is stored in the volume 2800.Furthermore, the backup data 2450 for the base A and the inter-base datasharing setting tables 2460 and 2470 are also stored in the volume 2800.However, some of these data are not shown in the volume 2800.

The tenant A 2420 provides a namespace for the NAS head 1000 at the baseA and performs access control such that only the user at the base A canaccess the tenant A 2420. The tenant A2420 thus provides a namespaceexclusive to the user at the base A. However, as described below, onlyaccesses made, via the stub data, by the user at the base B arepermitted. This enables the base B to share some of the files at thebase A.

Furthermore, the actual data in the files stubbed by the NAS head 1000is stored in the tenant A 2420.

Similarly, the tenant B 2430 provides a namespace exclusive to the userat the base B. The system tenant 2440 is a special namespace in whichthe backup data, the setting files, and the like are stored. Accesscontrol is performed such that the system tenant 2440 cannot be accessedby the general users at the bases but only by the administrators of eachbase and the data center. For example, the administrator of the base Astores the backup data 2450 present at the base A, in the system tenant2440. Furthermore, the administrator of the data center stores theinter-base sharing setting tables 2460 and 2470 in the system tenant2440. Here, the term “store” is used for convenience. However, eachtenant has a logical relationship with the files and data, and theactual data itself is stored in the volume 2800 as described above.

The backup data 2450 at the base A allows the file system A 3000 to berecovered when a disaster occurs at the base A or when ahardware/software fault occurs. Unlike in the case of normal backup, asdescribed in Patent Literature 1, the actual data in a stubbed file isnot backed up but only the stub data for the file is backed up. For anon-stubbed file, the file containing the actual data is backed up. Thatis, the backup data includes a mixture of the stub data and file.Furthermore, each of the backed-up stub data, files, and directoriesincludes ACL information.

The file system A′ 3110 at the base B is an inter-base sharing filesystem (a sharing file system between bases) created by theadministrator of the base B using the backup data 2450 at the base A andthe inter-base data sharing setting tables 2460 and 2470. Althoughdescribed below in detail with reference to FIG. 10, the restore processrestores only the stub data, files, and directories permitted to beshared by the base B, with reference to the ACL information in each ofthe backed-up stub data, files, and directories and the inter-base datasharing setting tables 2460 and 2470. The restore process creates a filesystem A′ 3110 that can access only the stub data, files, anddirectories permitted to be shared by the base B.

<Summary of a File Acquisition Operation>

FIGS. 4 and 5 is a conceptual drawing illustrating an operationperformed to acquire files from the bases A and B.

With reference to FIG. 4, the case where at the base A, the NAS client1300 accesses the file system A 3000 for the own base will be described.The NAS client 1300 is accessing the file server program 2200 in the NAShead 1000. Instead of the NAS client 1300, the NFS file server program2200 accesses the volume 2600 on the NAS storage system 1500, coupled tothe NAS head 1000.

The volume (NAS) 2600 contains stub data providing location informationon the actual data stored on the volume (CAS) 2800. Thus, the actualdata corresponding to the stub data is present in the volume 2800 in theCAS storage system 1700, which is a part of the CAS system. The actualdata file is delivered from the volume 2800 in the CAS system to the NFSserver program 2200 in the NAS head 1000 via the CAS head 1200. Theactual data file is then delivered to the NAS client 1300, havinginitially requested the data file.

Furthermore, the actual data file received from the CAS system is usedto convert the stub data into a normal file containing the actual data.The normal file is then deleted. Thus, the volume 2600 functions as akind of cache. The next time the volume 2600 is accessed, the access canbe carried out at a high speed without the need for communication withthe CAS system. Furthermore, even if the WAN communication is disrupted,the volume 2600 can be accessed. Arrows in FIG. 4 indicate this process.

Now, with reference to FIG. 5, the case where at the base B, the NASclient 1330 accesses the data sharing file system. A′ 3110 will bedescribed. The NAS client 1330 is accessing the NFS file server program2300 in the NAS head 1100. Instead of the NAS client 1330, the NFS fileserver program 2300 accesses a volume 5100 on the storage system 1600,coupled to the NAS head 1100.

The volume (NAS) 5100 contains stub data providing location informationon the actual data stored on the volume (CAS) 2800. Thus, the actualdata is present in the volume 2800 in the CAS storage system 1700, whichis a part of the CAS system. The actual data file is delivered from thevolume 2800 in the CAS system to the NFS server program 2300 in the NAShead 1100 via the CAS head 1200. The actual data file is then deliveredto the NAS client 1330, having initially requested the data file. Arrowsin FIG. 5 show this process.

Furthermore, the user (each NAS client) at the base A can access a fileA2_5100. However, a file A2_5300 is inhibited from being shared by theuser (each NAS client) at the base B. Thus, the volume 5100 contains nostub data allowing the file A2_5300 to be accessed. Hence, the user atthe base B cannot access the file A2_5300. Similarly, a directory dirB5200 is set to be unshared, so that the user at the base B cannot seethe dirB 5200.

<Configuration Example of the Stub Table>

FIG. 6 is a diagram showing a configuration example of the stub table2220. The stub table 2220 is a table in which the source, destination,and state of each of the data files stored in the CAS system (datacenter 1820) are recorded. Here, the table form is adopted. However, anymanagement form may be adopted provided that the relationship betweenthe source and the destination and the state can be managed. These datamay be simply called stub configuration information. This also appliesto various tables described below. The management form is not limited tothe table.

A source 6010 is information including a file path to the sourcelocation of a data file in the NAS system present before archiving ofthe data file in the CAS system. Furthermore, a destination 6020 isinformation indicative of a file path to a destination location in theCAS system where the data file is actually stored. Moreover, a state6030 is information indicating whether the stub data is linked with theactual file or the link between the stub data and the actual file hasbeen lost. The link is lost when, for example, the archive data isdeleted and is absent from the CAS device.

<Configuration Example of ACL (Access Control List) Information>

FIG. 7 is a diagram showing a configuration example of the ACLinformation 3030. The ACL information is included in each of the stubs,files, and directories. The ACL 3030 includes a user name 7010 and anaccess control right 7020. The example in FIG. 7 indicates that a user Acan execute all actions including read and write for the file and thelike provided with the ACL information and that a user B can executeonly read. On the other hand, a user C cannot access the file and thelike.

<Configuration Example of the Inter-Base Data Sharing Setting Table>

FIG. 8 is a diagram showing a configuration example of the inter-basedata sharing setting table 2460. The inter-base data sharing settingtable 2460 is a table in which a setting for the data sharing betweenbases is recorded. The inter-base data sharing setting table 2460 isreferenced when a data sharing file system is created at each base bythe restore process. The data sharing file system reflects the setting.

The inter-base data sharing setting table 2460 contains a file name8010, an update frequency 8020, a cache maintenance period 8030, asharing type 8040, a shared file type 8050, and an administrator 8060,as constituent items. One inter-base data sharing setting table 2460 isprepared for each base, for example, a table for the base A and a tablefor the base B.

The file name 8010 is information indicating which of the files isrelated to the setting. Instead of the file name, a directory name maybe registered. If a directory name is registered, the sharing setting isapplied to all the files in the specified directory. However, if any ofthe files in the directory is registered in a different row, the settingfor the file is given top priority. Which of the users can access eachfile is set by the above-described ACL information.

The update frequency 8020 indicates a setting for timings at which thedata sharing file system is updated by re-restoration. That is, if thebase A updates a certain shared file, the user at the base B cannotnecessarily immediately utilize the updated shared file. The updatedfile needs to be made available. This involves the restore process.Until the updated file is restored, the user at the base B utilizes thenon-updated shared file.

The restore process may be set to be executed at midnight or on theweekend in view of possible loads on the system. Alternatively, if theupdate is to be immediately reflected, “immediately” is set such thatthe restore process is executed immediately after migration andre-backup. This will be described below in detail with reference to FIG.11.

The cache maintenance period 8030 is information indicative of a periodfrom the conversion, into a file, of stub data accessed by any NASclient until the file is restubbed. For example if the cache maintenanceperiod 8030 is set to one week, the state of the file is maintained forone week after the access. During this period, the file can be accessedwithout the need for communication with the data center. When one weekelapses from the access, the file is stubbed again. Furthermore, if thecache maintenance period 8030 is set to “0”, the file is stubbedimmediately after being closed by the NAS client.

The sharing type 8040 is information indicative of the type of datasharing. For example, if the sharing type 8040 is set to READ, accessesto the data sharing file system permitted for the user at the base B areonly for read. In the embodiment of the present invention, it is mainlyassumed that the sharing type 8040 is set to READ. However, the sharingtype 8040 is not limited to READ. If the sharing type 8040 is set toREAD & WRITE, the file can also be edited. However, this involves thefollowing restrictions. Changes made to files by the user at the base Bfail to be reflected in the file system A 3000 at the base A. The filesystem A′ 3110 is re-restored to the latest state of the file system A3000 at the base A at timings set in the update frequency 8020. Thus,file updates performed by the user at the base B are invalidated. Thus,if a file updated by the user at the base B is to be held, the userneeds to store the updated file somewhere in the base B.

The shared file type 8050 is information indicative of the type of adata sharing target file. For example, if the shared file type 8050 isset to STUB, only the stub data included in the backup data 2450 at thebase A and permitted to be shared is restored; both the stub data andfile are stored in the backup data 2450. Thus, a data sharing filesystem A′ 3110 is created. If the shared file type 8050 is set toSTUB,FILE, the file is also restored. Basically, it is assumed that onlythe stub data is restored. However, it is inefficient to acquire backupdata for the stub data at the base A for data sharing. Thus, the presentsetting can be provided to enable sharing of backup data acquired forrecovery performed when a disaster occurs at the base A or when ahardware/software fault occurs.

The administrator 8060 is information indicative of a user who can setand change the inter-base data sharing setting table 2460. For example,the owner of a file generally sets data sharing for the file. Thus, anadministrator is set for each base, in the first embodiment, for thebase A. Furthermore, an administrator may be set for the data center. Ingeneral, an administrator is set for each table but may be set for eachfile or directory.

A configuration example of the inter-base data sharing setting table2460 has been shown. However, setting data sharing for each file ordirectory is burdensome. Thus, data sharing can be set for all the filesand directories. For example, a common setting can be provided bysetting the file name 8010 to “-” and making other required settings.Then, file and directories to be set differently from those with thecommon setting are additionally registered in an inter-base data sharingsetting table 2560. The additionally set files and directories are thenexceptionally set differently from those with the common setting.

<Process for Setting a Data Sharing File System>

FIG. 9 is a flowchart illustrating a process for setting a data sharingfile system according to the embodiment of the present invention, forexample, the file system A′ 3110 in brief.

First, in 59010, the CAS head 1200 (CPU 1210) accepts the inter-basedata sharing setting table 2460 created by the administrator, forexample, the user at the base A by operating the CAS client 1400. TheCAS head 1200 then stores the inter-base data sharing setting table 2460in the sharing system tenant 2440. At this time, since the base A andthe data center may be geographically distant from each other, the userat the base A may operate the CAS client through a remote access fromthe base A. Furthermore, for example, the user at the base A may requestthe administrator of the data center to make required settings, and theadministrator of the data center may operate the CAS client for thesettings. In actuality, the CAS head 1200 operates to store theinter-base data sharing setting table 2460 in the volume 2800 and thenlogically associates the table 2460 with the sharing system tenant 2440.

In S9020, in response to a request from the user at the base A, the NAShead 1000 (CPU 1110) at the base A transfers the files and stub datastored in the NAS storage system 1500 at the base A, to the CAS head1200 in order to backup the files and stub data. The CAS head 1200receives and stores the files and stub data in the sharing system tenant2440 as backup data 2450 (as described above, the actual backup data islocated in the volume 2800 and logically associated with the sharingsystem tenant 2440). A schedule is set for the backup. The backup may beautomatically executed by the system.

In S9030, in response to a request from the user (administrator) at thebase B, the NAS head 1100 at the base B creates a data sharing filesystem, for example, a file system A′ 3110.

In S9040, the NAS head 1100 at the base B accepts, as a parameter, a“sharing user” input by the user at the base B and specifying “who ispermitted to access the file system”. The NAS head 1100 holds thesharing user in the memory. Then, the NAS head 1100 at the base Binstructs the CAS head 1200 to restore required data in the file systemA′ 3110.

In S9050, the CAS head 1200 receives the instruction from the NAS head1100 and cooperates with the NAS head 1100 in restoring the requireddata in a data sharing file system at another base (which means the baseB). The processing in 59050 will be described with reference to FIG. 10.In the restore process, for example, when user B is input as a sharinguser, only the files and directors permitted to be shared with the userB are restored. If all the files and directories are restored with ACLinformation added thereto, accesses from users inhibited from sharingthe files and directories may be rejected. However, these users may knowthe presence of the files. Thus, for the files inhibited from beingshared, the embodiment of the present invention avoids restoring thestub data and the files themselves to prevent even the presence of thefiles from being known. This improves security. Furthermore, a pluralityof sharing users may be input. Additionally, the input sharing user isstored in the file system A′ 3110 so that during re-restorationdescribed below with reference to FIG. 11, this data can be re-restoredwithout the need to input any parameter.

In S9060, after the restore process is completed, the NAS head 1100 atthe base B mounts the file system A′ 3110.

Thus, the file system A′ 3110 accessible to the user at the base B iscreated.

<Details of the Restore Process>

FIG. 10 is a flowchart illustrating a process for restoring requireddata in a data sharing file system at another base (base B) in detail.The present process is executed, for example, by the cooperating NAShead 1100 and the CAS head. As shown in S9040, the “sharing user” isinput as an input parameter.

In S10010, the CAS head 1200 references the inter-base data sharingsetting table 2460. The restore process is executed based on the settingvalues in the table.

In S10020, the CAS head 1200 reads the files and the like stored in thebackup data 2450 and which are to be restored, one by one. The CAS head1200 then transmits the files and the like to the NAS head 1100. At thistime, if the sharing file type 8050 in the inter-base data sharingsetting table 2460 is set to only STUB, the CAS head 1200 reads only thestub data and avoids restoring the files. Furthermore, if the sharingfile type 8050 is set to STUB,FILE, the CAS head 1200 also reads thefiles. In the description of the following example, the sharing filetype 8050 is set to only STUB.

In S10030, the NAS head 1100 references the ACL information on the readstub data to determine whether or not the stub data is permitted to beshared with the user indicated by the input parameter “sharing user”. Ifthe data sharing is determined to be permitted, the process proceeds toS10040. If the data sharing is determined to be inhibited, the processproceeds to S10050. If the data sharing is determined to be inhibited,the stub data is not restored.

In S10040, the NAS head 1100 restores the stub data.

In S10050, the NAS head 1100 determines whether or not all the stub dataincluded in the backup data has been subjected to the sharingdetermination in S10030. If any stub data has not been subjected to thesharing determination, the process is shifted to S10020. If all of thestub data has been subjected to the sharing determination, the presentprocess is terminated.

<Re-Restore Process>

FIG. 11 is a flowchart illustrating a re-restore process, that is, aprocess for bringing a data sharing file system into the latest state.If file update, addition, or deletion is executed at the base A, stubdata accessed by the NAS client is returned to the corresponding file,and the update, addition, or deletion is executed on the files on thefile system A 3000. This will be described below with reference to FIG.12. At this point in time, the files on the tenant A 2420 are notsubjected to update, addition, or deletion. Thus, the change made at thebase A is also not reflected in the file system A′ 3110, whichreferences the files on the tenant A 2420. The change in the file isreflected in the tenant A 2420 when stubbing is carried out for amigration process. Hence, the change in the file is not reflected in thetenant A 2400 as long as the migration process is not executed.Furthermore, when the change in the file is reflected in the tenant A2420 as a result of the migration process, new data is added with theold data left without any change. This is to prevent a possiblesituation in which because the stub data on the file system A′ 3110references the old data, changing or deleting the old data leads todelinking, precluding the base B from accessing the old data. The olddata is automatically deleted when a given period has elapsed ormanually deleted by the administrator. That is, the file system A′ 3110references the old data until the process shown in FIG. 11 is executed.When the process shown in FIG. 11 is executed, the referencing isswitched to the latest data.

In S11010, during the migration process, the NAS head 1000 at the base Astubs and stores the relevant file (for example, the file updated at thebase A) in the file system A 3000. The migration process brings thetenant A2420 into the latest state.

In S11020, since the contents of the file system A 3000 have beenchanged, the CAS head 1200 acquires the backup data 2450 at the base Aagain.

In S11030, the CAS head 1200 references the update frequency 8020 in theinterbase data sharing setting table 2460 to schedule a re-restoreprocess for the file system A′ 3110.

In S11040, at the scheduled time, the NAS head 1100 at the base Bunmounts the file system A′ 3110.

In S11050, the NAS head 1100 at the base B uses the “sharing user” inputfor the last restoration, as a parameter again to instruct the CAS head1200 to re-restore required data in the file system A′ 3110.

In S11060, the CAS head 1200 and the NAS head 1100 cooperate with eachother in executing a re-restore process. The details of this process arethe same as those of the process shown in FIG. 10.

In S11070, after the restore process is completed, the NAS head 1100remounts the file system A′ 3110 to bring the file system A′ 3110 intothe latest state.

The process shown in FIG. 11 is automatically periodically executed bythe system and need not be carried out by the user or the administrator.Of course, the user and the administrator may manually execute theprocess.

<Process Executed During a Stub Data Access>

FIG. 12 is a flowchart illustrating a process executed when the NASclient at the base B accesses the stub data on the file system A′ 3110.The processing in S12080 is not executed if the NAS client at the base Aaccesses the stub data on a normal file system, for example, the filesystem A 3000. Furthermore, the present process is executed when the NASclient accesses the stub data for a file access. When a NAS client suchas a backup server accesses the stub data for backup, the systemdetermines the access to be for backup and avoids executing the processshown in FIG. 12, in accordance with the technique disclosed in PatentLiterature 1. That is, during an access for backup, the conversion fromstub data into a file (recall process) is not executed.

In S12010, the NAS head 1100 at the base B receives a stub data accessfrom the NAS client.

In S12020, the NAS head 1100 requests the CAS head 1200 to recall theaccessed stub data.

In S12030, the CAS head 1200 receives a recall request from the NAS head1000.

In S12040, the CAS head 1200 acquires the actual data corresponding tothe stub data from the volume 2800, and transmits the actual data to theNAS head 1000.

In S12050, the NAS head 1100 receives the actual data corresponding tothe stub data from the CAS head 1200.

In S12060, the NAS head 1100 uses the received actual data to convertthe stub data into a file containing the actual data. At this time, thestub data is deleted.

In S12070, the NAS head 1100 responses to the NAS client havingrequested the access, with the acquired file.

In S12080, the NAS head 1100 references the cache maintenance period8030 for the file in the inter-base data sharing setting table 2460 toschedule a stubbing process again. Then, at the scheduled time, the fileis stubbed again. More specifically, in S12080, the NAS head 1100requests the CAS head 1200 to notify the NAS head 1100 of the cachemaintenance period 8030 for the file. In response to the request, theCAS head 1200 references the inter-base data sharing setting table 24260to acquire the cache maintenance period information on the file. The CAShead 1200 notifies the NAS head 1100 of the information.

(2) Second Embodiment

A second embodiment of the present invention will be described below. Inthe following description, differences from the first embodiment will bemainly described. The description of matters common to the firstembodiment is omitted or simplified.

In the second embodiment of the present invention, the data sharing/notsharing between bases is not set in ACL information in each of thestubs, files, and directories but in an inter-base data sharing settingtable 2460. Setting the data sharing in the inter-base data sharingsetting table 2460 allows the administrator of each base or the datacenter to easily set the data sharing among the bases in a batch. Inthis case, the settings in the ACL information may be different fromthose in the inter-base data sharing setting table 2460. However, thesettings in the inter-base data sharing setting table 2460 are used todetermine whether or not to perform restoration in a restore process forcreating and updating a data sharing file system. Thus, if restorationis performed, the ACL information is also restored. Hence, usersinhibited from accessing the data as indicated in the ACL informationcannot make any accesses.

<Configuration Example of a Data Sharing Setting Table>

FIG. 13 is a diagram showing a configuration example of the inter-basedata sharing setting table 2460 according to the second embodiment ofthe present invention.

The inter-base data sharing setting table 2460 in FIG. 13 contains notonly the table items shown in FIG. 8 but also a sharing range 13010. Theinformation in the sharing range 13010 is used to determine whether ornot to perform restoration in a restore process for creating andupdating a data sharing file system at another base as shown in FIG. 9or FIG. 10.

For example, in S9040 in FIG. 9, if user B is input as a parameter for asharing user, only the stubs, files, and directories with the user Bregistered in the sharing range 13010 are restored. The stubs, files,and directories with the user B not registered in the sharing range13010 fail to be restored. In this case, some of the stubs, files, anddirectories with the user B registered in the sharing range 1310 butinhibited from being accessed as indicated in the ACL information arealso restored. However, in this case, since the ACL information is alsorestored, if the user B attempts to access any of the stubs, files, anddirectories in the completely restored data sharing file system, theuser B fails to make the access as a result of the ACL setting. That is,for accesses, if the contents of the sharing range 13010 in theinter-base data sharing setting table are different from those of theACL information, the ACL information is given top priority.

Furthermore, in the second embodiment of the present invention, thesharing determination shown in S10030 in the restore process shown inFIG. 10 is not made using the ACL information but using the registeredvalue in the sharing range 13010.

The sharing range 13010 may be set by reading the ACL information in thebackup data 2450 instead of being manually input by the administrator.For example, if the settings in the ACL information for /../fileA1.txtincludes the user name: user B and the access control: READ, then theuser B and READ are set in the sharing range and the sharing type,respectively, for the file name: /../fileA1.txt in the inter-base datasharing setting table 2460. An advantage of this method is thatreferencing the inter-base data sharing setting table 2460 allows theadministrator and user to easily determine the data sharing range.Another advantage is that in the restore process shown in FIG. 10 andother figures, it is possible to execute an internal process ofrestoring only the data permitted to be shared as indicated in thesharing range 13010 in the inter-base data sharing setting table 2460,instead of carrying out the sharing determination in S10030 for each ofthe stubs, files, and directories. This is expected to reduce overheadto improve performance.

<Example of a Setting Screen for the Inter-Base Data Sharing SettingTable>

FIGS. 14 and 15 are diagrams showing an example of a setting screen forthe inter-base data sharing setting table 2460. For example, a requestfrom the CAS client 1400 allows the setting screen to be displayed.Furthermore, the inter-base data sharing setting table 2460 is set by,for example, the CAS client 1400.

More specifically, a setting screen 14000 includes, for example, anindividual setting tab 14010 and a common setting tab 14020 as a tabfunction. For example, on a display device (not shown in the drawings)of the CAS client 1400, when the common setting tab in the displayedsetting screen is clicked, the common setting tab shown in FIG. 14 isdisplayed. When the individual setting tab in the displayed settingscreen is clicked, the individual setting tab shown in FIG. 15 isdisplayed.

FIG. 14 is a diagram showing an example of a common setting screen.Making individual settings for the stubs, files, and directories isburdensome. Thus, in FIG. 14, common setting values are applied to thestubs, files, and directories other than those individually set. Thus,individual settings may be made exclusively for the stubs, files, anddirectories for which settings different from common settings are to beexceptionally made. This enables a reduction in setting burdens on theadministrator and user. The common settings can be made for each base. Abase setting item 14030 can be used to switch the base.

FIG. 15 is a diagram showing an example of an individual setting screen.FIG. 15 shows a setting screen 15000 used to make settings for thestubs, files, and directories for which settings different from thecommon settings are to be made. In FIG. 15, the common settings can bemade for each base by using the base setting item 14030 to select any ofthe bases. Furthermore, an addition button 15010 can be used to newlyadd a stub, a file, and a directory to be registered. Moreover, a selectbutton 15020 can be used for selection. A change button 15030 can beused for a change. A delete button 15040 can be used for deletion.Additionally, to enable batch settings based on key words, the screenincludes a key word input field 15050 and a search button 15060. Forexample, inputting the key word “.txt” for search allows settings to bemade, in a batch, for all the stubs and files (text files) that include“.txt” in the file name. Furthermore, meta data such as an owner or afile creation date may be searched for.

(3) Conclusion

In the first embodiment, the NAS device at each base is connected to theCAS device at the data center by the WAN. At least a part of the backupdata at the base A is restored at the base (for example, the base B)with which the data is to be shared, using the ACL (Access Control Listin which, for example, data indicating whether or not the file ispermitted by the user at the base A to be made public and shared, orusers permitted to share the data are set), the backup data at each basewhich is stored in the CAS device (for example, the backup data at thebase A), and the inter-base data sharing setting table. Thus, a datasharing file system is created at the base (base B) with which the datais to be shared. At this time, with reference to the ACL in the backupdata, only the stubs or files permitted to be accessed by the restoretarget base are restored. This eliminates the need to store files to beshared, in a shared directory. The cumbersomeness of a sharing processcan be avoided.

Furthermore, data sharing is achieved such that with the actual datalocated on the CAS device at the data center, the stub data is stored inthe NAS devices at the respective bases sharing the data. If the stubdata is present in the backup data at the base, the stub data isrestored. This allows a copy process for data sharing to be omitted andenables the capacity of the CAS device to be saved.

Moreover, the following configuration is possible for files that are notto be data-shared. The user at another base is inhibited from accessingthe files. No stub data is present at this base. Thus, even the presenceof files can be hidden, allowing high security to be ensured.

Furthermore, if the original data for the shared data is updated, theshared data is also automatically updated. This eliminates the need forthe user to re-store the data in a shared directory. Moreover, for ashared file being accessed, the actual data is copied to the baseaccessing the file, as a cache for a set period. Thus, even if theconnection to the WAN is deleted or the data center is shut down, theaccess can be continued.

In the second embodiment, at least a part of the backup data at eachbase stored in the CAS device (for example, the backup data at the baseA) is restored at the base (for example, the base B) with which the datais to be shared, using the inter-base data sharing setting table furthercontaining information indicative of the user sharing range (whether ornot the user is permitted to share the data). Thus, a data sharing filesystem is created at the base (base B) with which the data is to beshared. The second embodiment determines whether or not the data is tobe restored based on the information indicative of the user sharingrange, instead of selecting the data to be restored from the backupdata, based on the ACL. When the inter-base data sharing setting tablecontains the information indicating whether or not the data sharing ispermitted, whether the data is to be shared or not can be controlledeven if no ACL is set. In this case, with reference to the inter-basedata sharing setting table, only the stubs or files permitted to beaccessed by the restore destination base are restored. However, whetheror not the restore destination data sharing file system permits accessesis determined based on the ACL. Thus, a shared file system can becreated at another base in such a manner that files inhibited from beingaccessed but which may be known to be present are distinguished fromfiles that are to be inhibited even from being known to be present.

The inter-base data sharing setting table may be automatically set basedon the ACL information.

Moreover, the present invention can be implemented by adding functionsto the conventional art through software. This eliminates the need toadd infrastructures. The present invention eliminates the need for thecommunication between the bases and thus the need to add a communicationinfrastructure to between the bases for data sharing. Furthermore, thedata sharing file system created at each base may be formed only ofstubs. Thus, the data sharing file system requires only a small capacityand requires no addition of storage. Additionally, the backup dataacquired for recovery performed when a disaster or a fault occurs at thebase can be utilized for the data sharing file system. Hence, the datacenter also requires no addition of storage.

Furthermore, the present invention can be carried out by softwareprogram codes that implement the functions of the embodiments. In thiscase, a storage medium in which the program codes are recorded isprovided to a system or an apparatus. A computer (or a CPU or an MPU) inthe system or apparatus reads the program codes stored in the storagemedium. In this case, the program codes themselves read from the storagemedium implement the functions of the embodiments. The program codesthemselves and the storage medium in which the program codes are storedform the present invention. The storage medium for providing the programcodes may be, for example, a flexible disk, a CD-ROM, a DVD-ROM, a harddisk, an optical disk, a magnetooptic disk, a CD-R, a magnetic tape, anonvolatile memory card, or a ROM.

Alternatively, based on instructions in the program codes, an OS(Operating System) or the like operating on the computer may execute apart or all of the actual processing so that the processing implementsthe functions of the above-described embodiments. Moreover, the programcodes read from the storage medium may be written to a memory on thecomputer. Then, based on the instructions in the program codes, the CPUor the like in the computer may execute a part or all of the actualprocessing so that the processing implements the functions of theabove-described embodiments.

Alternatively, the software program codes that implement the functionsof the embodiments may be distributed via a network and stored instorage means such as a hard disk or a memory in the system or apparatusor a storage medium such as a CD-RW or a CD-R. Then, when the programcodes are used, the computer (or CPU or MPU) in the system or apparatusmay read and execute the program codes stored in the storage means orthe storage medium.

Finally, it should be appreciated that the processes and techniquesdescribed herein are essentially not related to any particular apparatusand can be implemented by any suitable combination of components.Moreover, various types of general-purpose devices can be used inaccordance with the teachings described herein. It may be understood adedicated apparatus is advantageously constructed and used to executethe steps of the method described herein. The present invention has beendescribed in conjunction with the specific examples. However, theexamples are not intended for limitation but for illustration in anysense. Those skilled in the art will conceive many combinations ofhardware, software, and firmware which are suitable for carrying out thepresent invention. For example, the described software can beimplemented in a wide variety of programs or script languages such asassembler, C/C++, perl, Shell, PHP, and Java (registered trade marks).

In addition, other implementations of the present invention will beapparent to those having ordinary knowledge in the art, throughdiscussions of the specification and embodiments of the presentinvention disclosed herein. Various aspects and/or components of thedescribed embodiments can be used independently or in any combination,in a computerized storage system providing a function to manage data.The specification and specific examples are only typical, and the scopeand spirits of the present invention will be shown below in the claims.

REFERENCE SIGNS LIST

1000, 1100 NAS heads

1200 CAS head

1500, 1600, 1700 Storage systems

1300, 1310, 1320, 1330, 1340, 1350 NAS clients

1400 CAS client

1800 Base A

1810 Base B

1820 Data center

2210 File system A

3100 File system B

3110 Data sharing file system A′

2420 Tenant A

2430 Tenant B

2440 Sharing system tenant

1. A method for managing an information processing system (100)comprising a plurality of sub-computer systems (1800,1810) and a datamanagement computer system (1820) connected to the plurality ofsub-computer systems (1800, 1810), the plurality of sub-computer systems(1800, 1810) comprising storage subsystems (1500, 1600), respectively,to provide data to client computers (1300, 1310, 1320, 1330, 1340,1350), the data management computer system (1820) managing the datashifted from each of the sub-computer systems (1800, 1810), the methodcomprising: the data management computer system (1820) managing backupdata (2450) for the first sub-computer system (1800), and based on datasharing permission/inhibition information (3030, 13010) indicative ofdata shared by the plurality of sub-computer systems (1800, 1810),restoring at least a part of the backup data (2450) for the firstsub-computer system (1800) in a second sub-computer system (1810)different from the first sub-computer system (1800), and the secondsub-computer system (1810) storing the data restored by the datamanagement computer system (1820) in the storage subsystem (1600) in thesecond sub-computer system to generate a shared file system.
 2. Themethod for managing the information processing system (100) according toclaim 1, wherein the plurality of sub-computer systems (1800, 1810) usethe storage subsystems (1500, 1600), respectively, to provide an NASfile system, the first and second sub-computer systems (1800, 1810)store stub data corresponding to the data shifted to the data managementcomputer system (1820), in the NAS file system, the shared file systemincludes shared data stub data, the data included in the backup data(2450) includes access control information (7010, 7020) indicatingwhether or not a user is permitted to access the data and a range of theaccess, the data management computer system (1820) manages schedulinginformation on the restore process, when executing the restore process,the data management computer system (1820) determines whether or not toexecute the restore process on the data included in the backup data(2450), based on the access control information (7010, 7020), (i) ifdata stored in the storage subsystem (1500) in the first sub-computersystem (1800) is changed, the data management computer system (1820)reflects the change in the data in the backup data (2450), the datamanagement computer system (1820) executes the restore process again inaccordance with the scheduling information (8020) at a timing differentfrom a timing when the change in the data is reflected in the backupdata (2450), (ii) if the first or second sub-computer system (1800,1810) uses the stub data to access the data, the data managementcomputer system (1820) transmits actual data corresponding to the stubdata to the sub-computer system (100, 1810) having made the accessrequest, upon receiving the actual data, the sub-computer system (1800,1810) replaces the stub data with the actual data, holds the actual datafor a predetermined period, and after the predetermined period elapses,returns the actual data to the corresponding stub data, (iii) if thesecond sub-computer system (1810) uses the shared data stub data toaccess the data, the data management computer system (1820) transmitsshared actual data corresponding to the shared stub data, to the secondsub-computer system (1810), and the second sub-computer system (1810)replaces the shared data stub data with the shared actual data, holdsthe shared actual data for a pre-determined period, and after thepredetermined period elapses, returns the shared actual data to thecorresponding shared data stub data.
 3. The method for managing theinformation processing system (100) according to claim 1, wherein thedata management computer system (1820) manages the schedulinginformation (8020) on the restore process, if the data stored in thestorage subsystem (1500) in the first sub-computer system (1800) ischanged, the data management computer system (1820) reflects the changein the data in the backup data (2450), and the data management computersystem (1820) executes the restore process again in accordance with thescheduling information (8020) at a timing different from a timing whenthe change in the data is reflected in the backup data (2450).
 4. Themethod for managing the information processing system (100) according toclaim 1, wherein the first and second sub-computer systems (1800, 1810)store stub data corresponding to the data shifted to the data managementcomputer system (1820), in the respective storage subsystems (1500,1600), if the first or second sub-computer system (1800, 1810) uses thestub data to access the data, the data management computer system (1820)transmits actual data corresponding to the stub data, to thesub-computer system (1800, 1810) having made the access request, andupon receiving the actual data, the sub-computer system (1800, 1810)replaces the stub data with the actual data, holds the actual data for apredetermined period, and after the predetermined period elapses,returns the actual data to the corresponding stub data.
 5. The methodfor managing the information processing system (100) according to claim4, wherein the shared file system includes shared data stub data, if thesecond sub-computer system (1810) uses the shared data stub data toaccess the data, the data management computer system (1820) transmitsthe shared actual data corresponding to the shared stub data, to thesecond sub-computer system (1810), and the second sub-computer system(1810) replaces the shared data stub data with the shared actual data,holds the shared actual data for a pre-determined period, and after thepredetermined period elapses, returns the shared actual data to thecorresponding shared data stub data.
 6. The method for managing theinformation processing system (100) according to claim 1, wherein thedata included in the backup data (2450) includes access controlinformation (7010, 7020) indicating whether or not a user is permittedto access the data and a range of the access, and based on the accesscontrol information (7010, 7020), the data management computer system(1820) determines whether or not to execute the restore process on thedata included in the backup data (2450).
 7. The method for managing theinformation processing system (100) according to claim 1, wherein thedata management computer system (1820) manages sharing range informationindicative of a range of users permitted to share the data included inthe backup data (2450), and based on the sharing range information,determines whether or not to execute the restore process on the dataincluded in the backup data (2450).
 8. The method for managing theinformation processing system (100) according to claim 7, wherein thedata included in the backup data (2450) includes access controlinformation (7010, 7020) indicating whether or not the user is permittedto access the data and the range of the access, and the secondsub-computer system (1810) processes an access request from any of theclient computers (1330, 1340, 1350) for the shared file system generatedby the restore process, based on the access control information (7010,7020) instead of the sharing range information (1310) used for therestore process, to determine whether or not to permit the access.
 9. Adata management computer system (1820) connected to a plurality ofsub-computer systems (1800, 1810) to manage data shifted from thesub-computer systems (1800, 1810), the data management computer system(1820) comprising a control device (1200) and a storage system (1700)with a disk device, wherein the storage system (1700) stores backup data(2450) for a first sub-computer system (1800) included in the pluralityof sub-computer systems (1800, 1810), and based on data sharingpermission/inhibition information (3030, 13010) indicative of datashared by the plurality of sub-computer systems (1800, 1810), thecontrol device (1200) restores at least a part of the backup data (2450)in a second sub-computer system (1810) different from the firstsub-computer system (1800) to enable a shared file system to begenerated in the second sub-computer system (1810).
 10. The datamanagement computer system (1820) according to claim 9, furthercomprising: a management computer (1400) for an administrator, whereinthe data included in the backup data (2450) includes access controlinformation (7010, 7020) indicating whether or not a user is permittedto access the data and a range of the access, based on the accesscontrol information (7010, 7020), the control device (1200) determineswhether or not to execute the restore process on the data included inthe backup data (2450), the control device (1200) further managesscheduling information (8020) on the restore process, if the data storedin the first sub-computer system (1800) is changed, the control device(1200) reflects the change in the data in the backup data (2450), thecontrol device (1200) executes the restore process again in accordancewith the scheduling information (8020) at a timing different from atiming when the change in the data is reflected in the backup data(2450), if the second sub-computer system (1810) uses shared data whichis a part of the backup data (2450) and which is stub data forcorresponding shared actual data to access the corresponding actual datastored in the storage subsystem (1700), the control device (1200)transmits the shared actual data corresponding to the shared data stubdata to the second sub-computer system (1810), and the managementcomputer (1300) allows a display device to display a setting screen(14000, 15000) required to set data sharing setting information (2460)including the data sharing permission/inhibition information (3030,13010), the scheduling information (8020) on the restore process, andcache maintenance period information (8030) indicative of a period forwhich the shared actual data is held in the second sub-computer system(1810) if an access is made with the shared stub data.
 11. The datamanagement computer system (1820) according to claim 9, wherein thecontrol device (1200) manages the scheduling information (8020) on therestore process, if the data stored in the first sub-computer system(1800) is changed, the control device (1200) reflects the change in thedata in the backup data (2450), and the control device (1200) executesthe restore process again in accordance with the scheduling information(8020) at a timing different from a timing when the change in the datais reflected in the backup data (2450).
 12. The data management computersystem (1820) according to claim 9, wherein if the second sub-computersystem (1810) uses shared data which is a part of the backup data (2450)and which is stub data for corresponding shared actual data to accessthe corresponding actual data stored in the storage system (1700), thecontrol device (1200) transmits the shared actual data corresponding tothe shared data stub data to the second sub-computer system (1810). 13.The data management computer system (1820) according to claim 9, whereinthe data included in the backup data (2450) includes access controlinformation (7010, 7020) indicating whether or not a user is permittedto access the data and a range of the access, and based on the accesscontrol information (7010, 7020), the control device (1200) determineswhether or not to execute the restore process on the data included inthe backup data (2450).
 14. The data management computer system (1820)according to claim 9, wherein the control device (1200) manages sharingrange information (1310) indicative of a range of users permitted toshare the data included in the backup data (2450), and based on thesharing range information (1310), determines whether or not to executethe restore process on the data included in the backup data (2450). 15.The data management computer system (1820) according to claim 12,further comprising: a management computer (1400) for an administrator,wherein the management computer (1300) allows the display device todisplay the setting screen (14000, 15000) required to set data sharingsetting information (2460) including the data sharingpermission/inhibition information (3030, 13010), the schedulinginformation (8020) on the restore process, and cache maintenance periodinformation (8030) indicative of the period for which the shared actualdata is held in the second sub-computer system (1810) if an access ismade with the shared stub data.